When GDPR came into force on May 25, 2018, bringing with it the prospect of hefty fines for organizations that fail to protect the personal information of EU citizens, many thought we would see a flurry of high-priced penalties. While we have seen a deluge of data breach notifications filed with the Information Commissioner’s Office (ICO) — nearly 65,000 so far according to a new EU data protection board report — we haven’t witnessed the barrage of high-profile violations many people predicted. At least not yet.
Google is the one exception. As has been widely reported, the French data protection authority CNIL issued Google a €50m fine for violating GDPR transparency rules and failing to have a legal basis for processing user data for advertising. Google is appealing the case. Other fines have been handed down too, but none come close to the Google price tag.
One year into GDPR enforcement, regulators are busy investigating the thousands of breach notifications – and staffing up to meet the now-immense workload. The ICO has doubled its staff, and Nordic regulators have increased their funding for growing legal casework, to name but two examples. We can expect that once the legal and investigative teams have completed their work, enforcement will begin and, with it, high prices for non-compliance.
While regulators scramble to investigate the thousands of data breaches already in their pipeline (with more coming in every day) and teams of attorneys navigate new waters within the legal system, what can you do to ensure your organization won’t be making the wrong kind of headlines in 2019 and beyond?
To be most effective, GDPR compliance must be an organization-wide effort. Here are five tips for integrating data privacy principles across all levels of your organization:
Because you can’t secure what you can’t see, another important step is to maintain uncompromised visibility and control over all of your endpoints, whether they are on or off your corporate network. Be sure to benchmark your security controls against compliance standards and stay audit-ready at all times.
For more on how to lay out a path for harmonious ways to work within the law while also advancing technology, listen to our panel discussion with both legal and IT experts, IT on Trial – Guilty Until Proven Innocent?